P-BIDS Population-Based Integrated Disease Surveillance

Privacy Policy

Last updated: February 03, 2026

1. Introduction

This Privacy Policy describes how the KEMRI PBIDS Web Application (the "Service") collects, uses, and protects information. This Service is an internal administrative tool designed for managing API keys, monitoring system logs, and authenticating administrative users.

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our Service.

A. Personal Information

While using our Service, we may ask you to provide us with certain personally identifiable information ("Personal Information"). This includes:

  • Administrative Account Data: When you register for an account on this Service, we collect your email address, username, and a hashed password.
  • API Client Contact Information: When you create an API Client entry, we store the ClientName and ContactEmail you provide for that client.

B. Operational & Log Data

We automatically collect information that your browser or API clients send when they interact with our Service ("Log Data"). This Log Data includes:

  • IP Address: The Internet Protocol address of the computer or device making the request.
  • API Usage Details: The API routes accessed, HTTP methods used, status codes returned, and duration of the request.
  • Identifiers: Example ApiKeyId and ClientId associated with the request, as well as StudyCode if provided.
  • Error Information: For failed requests, we may log error messages and stack traces to assist with troubleshooting.

3. How We Use Your Information

The Service uses the collected data for the following internal purposes:

  • To provide and maintain the Service.
  • To authenticate and manage administrative user accounts.
  • To monitor the usage and health of our APIs for security, auditing, and performance tuning.
  • To detect, prevent, and address technical issues or unauthorized access.
  • To contact you (using your registered admin email or a client's ContactEmail) regarding important notices about your account, API keys, or service availability.

4. Information Sharing and Disclosure

This Service is an internal KEMRI tool. We do not sell, trade, or rent your Personal Information to third parties. Your information is for internal operational use only. We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect the rights or property of KEMRI, or protect the personal safety of users of the Service.

5. Data Security

The security of your data is important to us. We implement a variety of security measures to maintain the safety of your information. Administrative account passwords are hashed using industry-standard ASP.NET Core Identity protocols. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

6. Data Retention

We retain your Personal Information (such as your admin account) for as long as your account is active. We retain operational Log Data for a period defined by KEMRI's internal data retention and audit policies. This may be for an extended period to comply with security and historical analysis requirements.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions about this Privacy Policy, please contact the PBIDS system administrator or the KEMRI [Insert Appropriate Department or Email].